Re: [PATCH] KVM: vmx: add mismatched size in vmcs_check32
On Fri, Apr 9, 2021 at 12:05 AM Sean Christopherson wrote:
>
> On Thu, Apr 08, 2021, lihaiwei.ker...@gmail.com wrote:
> > From: Haiwei Li
> >
> > vmcs_check32 misses the check for 64-bit and 64-bit high.
>
> Can you clarify in the changelog that, while it is architecturally legal to
> access 64-bit and 64-bit high fields with a 32-bit read/write in 32-bit mode,
> KVM should never do partial accesses to VMCS fields. And/or note that the
> 32-bit accesses are done in vmcs_{read,write}64() when necessary? Hmm, maybe:
>
>   Add compile-time assertions in vmcs_check32() to disallow accesses to
>   64-bit and 64-bit high fields via vmcs_{read,write}32(). Upper level
>   KVM code should never do partial accesses to VMCS fields. KVM handles
>   the split accesses automatically in vmcs_{read,write}64() when running
>   as a 32-bit kernel.

Good suggestion, thanks. I will send v2.
Re: [PATCH] KVM: vmx: add mismatched size in vmcs_check32
On 08/04/21 18:05, Sean Christopherson wrote:
>   Add compile-time assertions in vmcs_check32() to disallow accesses to
>   64-bit and 64-bit high fields via vmcs_{read,write}32(). Upper level
>   KVM code should never do partial accesses to VMCS fields. KVM handles
>   the split accesses automatically in vmcs_{read,write}64() when running
>   as a 32-bit kernel.

KVM also uses raw vmread/vmwrite (__vmcs_readl/__vmcs_writel) when copying
to and from the shadow VMCS, so that path will not go through vmcs_check32
either.

Paolo
Re: [PATCH] KVM: vmx: add mismatched size in vmcs_check32
On Thu, Apr 08, 2021, lihaiwei.ker...@gmail.com wrote:
> From: Haiwei Li
>
> vmcs_check32 misses the check for 64-bit and 64-bit high.

Can you clarify in the changelog that, while it is architecturally legal to
access 64-bit and 64-bit high fields with a 32-bit read/write in 32-bit mode,
KVM should never do partial accesses to VMCS fields. And/or note that the
32-bit accesses are done in vmcs_{read,write}64() when necessary? Hmm, maybe:

  Add compile-time assertions in vmcs_check32() to disallow accesses to
  64-bit and 64-bit high fields via vmcs_{read,write}32(). Upper level
  KVM code should never do partial accesses to VMCS fields. KVM handles
  the split accesses automatically in vmcs_{read,write}64() when running
  as a 32-bit kernel.

With something along those lines:

Reviewed-and-tested-by: Sean Christopherson

> Signed-off-by: Haiwei Li
> --- > arch/x86/kvm/vmx/vmx_ops.h | 4 > 1 file changed, 4 insertions(+) > > diff --git a/arch/x86/kvm/vmx/vmx_ops.h b/arch/x86/kvm/vmx/vmx_ops.h > index 692b0c3..164b64f 100644 > --- a/arch/x86/kvm/vmx/vmx_ops.h > +++ b/arch/x86/kvm/vmx/vmx_ops.h > @@ -37,6 +37,10 @@ static __always_inline void vmcs_check32(unsigned long > field) > { > BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0, >"32-bit accessor invalid for 16-bit field"); > + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == > 0x2000, > + "32-bit accessor invalid for 64-bit field"); > + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == > 0x2001, > + "32-bit accessor invalid for 64-bit high field"); > BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == > 0x6000, >"32-bit accessor invalid for natural width field"); > } > -- > 1.8.3.1 >
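Review bot: Every assertion in vmcs_check32(), including the two added ones, is gated on __builtin_constant_p(field), so the new 64-bit and 64-bit high checks only fire when the field encoding is a compile-time constant; a field encoding passed through a variable still reaches the 32-bit accessor unchecked. The changelog or a short comment above the function should state that limit so the assertions are not read as complete coverage.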
[PATCH] KVM: vmx: add mismatched size in vmcs_check32
From: Haiwei Li

vmcs_check32 misses the check for 64-bit and 64-bit high.

Signed-off-by: Haiwei Li
--- arch/x86/kvm/vmx/vmx_ops.h | 4 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/vmx/vmx_ops.h b/arch/x86/kvm/vmx/vmx_ops.h index 692b0c3..164b64f 100644 --- a/arch/x86/kvm/vmx/vmx_ops.h +++ b/arch/x86/kvm/vmx/vmx_ops.h @@ -37,6 +37,10 @@ static __always_inline void vmcs_check32(unsigned long field) { BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0, "32-bit accessor invalid for 16-bit field"); + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2000, +"32-bit accessor invalid for 64-bit field"); + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2001, +"32-bit accessor invalid for 64-bit high field"); BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x6000, "32-bit accessor invalid for natural width field"); } -- 1.8.3.1
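Review bot: The two added assertions compare against the bare values 0x6001, 0x2000 and 0x2001 with no comment, and they differ only in bit 0 of the compared value. A one-line comment saying what the mask selects (the width bits covered by 0x6000 plus the low bit that distinguishes the "high" half) would let a reader follow the four cases in vmcs_check32() without looking up the encoding. If the two distinct messages are not needed, a single ((field) & 0x6000) == 0x2000 check would cover both the 64-bit and 64-bit high cases; if they are wanted, the changelog should say so.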